General
Target: 6a4d937a9465a55168327d033b178477d674aa85ffeeda1e7c672afae454d710
Size: 1.0MB
Sample: 240427-bmgqkafh28
MD5: b7fd6913149621e08383ddff7786ee71
SHA1: b441912ee94877873f4e646193ec687a0aa24792
SHA256: 6a4d937a9465a55168327d033b178477d674aa85ffeeda1e7c672afae454d710
SHA512: 7606f10798dbd47d200a1b0e055f30eaff266ba561c7fbf2888d929b497e790443fe05c2b0daa4850f37daf6f2e7a2e6acc10d9f9975e0326a5e0169856274b6
SSDEEP: 24576:PAHnh+eWsN3skA4RV1Hom2KXMmHacCZ5rRaBZ2ap5:yh+ZkldoPK8YacCZ5diZ5
Static task: static1
Behavioral task: behavioral1
Sample: 6a4d937a9465a55168327d033b178477d674aa85ffeeda1e7c672afae454d710.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 6a4d937a9465a55168327d033b178477d674aa85ffeeda1e7c672afae454d710.exe
Resource: win10v2004-20240419-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.fosna.net
Port: 21
Username: madamweb@fosna.net
Password: =A+N^@~c]~#I
Targets
Target: 6a4d937a9465a55168327d033b178477d674aa85ffeeda1e7c672afae454d710
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext